From: "Randy D. Wallace Jr." <randywallacejr@gmail.com>
To: lartc@vger.kernel.org
Subject: [LARTC] RE: Load Balancing , MSN and SSL
Date: Thu, 05 Jul 2007 11:52:17 +0000
Message-ID: <468CDB71.60505@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hi all,
> 
> I am running a FC6 box with two internet links with load balancing.
> Everything is working fine except the MSN connection, which fails and
> reconnects every time, and SSL connections. I would like to know if with
> the nona howto I could fix that.
> 
> I have tried with no success to redirect that connection only to one
> link, but it looks like it does not work. Here is my configuration:
> 
> #!/bin/bash
> #
> # Script based on
> # http://lartc.org/howto/lartc.rpdb.multiple-links.html
> #
> 
> IF0=eth1
> 
> function interface_interna() {
>         VALOR_IP=0
>         while [ $VALOR_IP -lt 254 ] ; do
>            if [ $VALOR_IP -ne 33 ] ; then
>                 P0_NET=192.168.${VALOR_IP}.0
>                 IP0=192.168.${VALOR_IP}.1
>                 ip route add $P0_NET dev $IF0 src $IP0 table T1
>                 ip route add $P0_NET dev $IF0 src $IP0 table T2
>            fi
>            VALOR_IP=$(expr $VALOR_IP + 1)
>         done
>         ip route add 192.168.33.0/24 via 10.1.2.1 dev eth1 src 10.1.2.2
>         ip route add 192.168.33.0/24 via 10.1.2.1 dev eth1 src 10.1.2.2 table T1
>         ip route add 192.168.33.0/24 via 10.1.2.1 dev eth1 src 10.1.2.2 table T2
> }
> 
> 
> 
> IP1=xxx.xxx.xxx.18
> IF1=eth0
> P1_NET=xxx.xxx.xxx.16/30
> P1=xxx.xxx.xxx.17 
> 
> 
> IP2=192.168.254.250
> IF2=eth2
> P2_NET=192.168.254.248/29
> P2=192.168.254.254
> 
> 
> 
> ip route add $P1_NET dev $IF1 src $IP1 table T1
> ip route add default via $P1 table T1
> ip route add $P2_NET dev $IF2 src $IP2 table T2
> ip route add default via $P2 table T2
> 
> ip route add $P1_NET dev $IF1 src $IP1 
> ip route add $P2_NET dev $IF2 src $IP2
> 
> ip rule add from $IP1 table T1
> ip rule add from $IP2 table T2
> 
> ip route add $P0_NET     dev $IF0 table T1
> ip route add $P1_NET     dev $IF1 table T1
> ip route add $P2_NET     dev $IF2 table T1 
> ip route add 127.0.0.0/8 dev lo   table T1
> 
> ip route add $P0_NET     dev $IF0 table T2
> ip route add $P1_NET     dev $IF1 table T2
> ip route add $P2_NET     dev $IF2 table T2 
> ip route add 127.0.0.0/8 dev lo   table T2
> 
> interface_interna 
> 
> ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
> nexthop via $P2 dev $IF2 weight 1
> 
> # BACKUP ROUTES
> 
> ip route add default via $P2 dev $IF2 metric 1 table T1 
> ip route add default via $P1 dev $IF1 metric 1 table T2
> 
> # SERVICE ROUTES
> 
> ip rule add fwmark 2 table 21 prio 20   
> ip rule add fwmark 3 table 22 prio 20
> 
> ip route add default via $P1 dev $IF1 table 21
> ip route add default via $P2 dev $IF2 table 22
> 
> ip route flush cache
> 
> Here are the iptables mangle rules:
> 
> ############# MSN Services #####################
> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m layer7 --l7proto msnmessenger -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -i eth1 -p udp -m layer7 --l7proto msnmessenger -j MARK --set-mark 2
> ############### SSL Services ###########
> iptables -t mangle -A PREROUTING -i eth1 -p tcp -m layer7 --l7proto ssl -j MARK --set-mark 2

My experience with the layer7 module has been sketchy.  Have you checked to
make sure that the layer7 module is catching msnmessenger traffic?  It would
be a good idea to try

# PREROUTING only exists in the mangle (and nat/raw) tables, so -t mangle is required
iptables -t mangle -A PREROUTING -i eth1 -p tcp -m layer7 --l7proto msnmessenger \
    -j LOG --log-prefix 'MSN Messenger Packet: '

and consult /var/log/messages and make sure that layer7 is seeing it.
If it's not, the packets for msn traffic will never get marked.

A much better solution would be to mark based on destination port, and let connection
tracking take care of the rest. For example:

# DNS Traffic: set the mark in mangle PREROUTING, so it exists before the
# routing decision and the fwmark ip rules can see it
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 53 -j MARK --set-mark 2
# let connection tracking pass the rest of the conversation in the filter table
iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p udp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Hope this helps!

> 
> I added the rules for DNS and FTP too.
> 
> But it does not seem to work.
> 
> Any help will be appreciated.
> 
> Saulo Silva
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGjNtxE5g7hmMpaLoRAuFwAJ9ePBgmBCQfToFaT24PZFvdIhH20ACgq52E
pFsHeJgpBIGDG6oPHdhZpnc=TgHZ
-----END PGP SIGNATURE-----
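
The port-based marking Randy suggests above only steers the first packet of a connection unless the mark is also carried in the conntrack entry; the script below, an added example that is not code from either poster, does that with CONNMARK so every packet of a TCP connection (and therefore the server-visible source address, which is what breaks SSL and MSN sessions when flows hop between links) stays on the uplink the first packet chose. It reuses the mark values and table numbers from Saulo's script (fwmark 2 -> table 21 on link 1, fwmark 3 -> table 22 on link 2) and the inside interface eth1; the uplink interface names, the gateway addresses (documentation-range placeholders) and the choice of TCP 443 for SSL and TCP 1863 for MSN Messenger are assumptions to adjust for your own box. With DRY_RUN=1 set, or invoked as `sh pin-links.sh dry-run`, it prints the ip and iptables commands instead of executing them.

```shell
#!/bin/sh
# Added example, not code from the thread: pin each TCP connection to one
# uplink with CONNMARK. Only the first packet of a connection is classified by
# destination port; conntrack remembers the mark and every later packet
# inherits it, so the connection never changes link or source address.
# Mark values and tables follow Saulo's script; interface names and gateways
# below are assumptions. DRY_RUN=1 prints the commands instead of running them.

LAN_IF=${LAN_IF:-eth1}           # inside interface (as in the thread)
UP1_IF=${UP1_IF:-eth0}           # assumed first uplink
UP2_IF=${UP2_IF:-eth2}           # assumed second uplink
UP1_GW=${UP1_GW:-192.0.2.1}      # assumed gateway of link 1 (documentation range)
UP2_GW=${UP2_GW:-198.51.100.1}   # assumed gateway of link 2 (documentation range)

# run a command, or print it when DRY_RUN is set
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Policy routing: a packet carrying fwmark 2 is looked up in table 21, whose
# only route is a default route out of link 1; fwmark 3 goes to table 22/link 2.
policy_tables() {
    run ip rule add fwmark 2 table 21 prio 20
    run ip rule add fwmark 3 table 22 prio 20
    run ip route add default via "$UP1_GW" dev "$UP1_IF" table 21
    run ip route add default via "$UP2_GW" dev "$UP2_IF" table 22
    run ip route flush cache
}

# First restore the connection's saved mark onto each incoming packet and stop
# classifying once a packet carries a mark. This must sit in mangle PREROUTING:
# the fwmark has to exist before the routing decision is made.
restore_marks() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m mark ! --mark 0 -j ACCEPT
}

# mark_new_tcp PORT MARK: classify only the first packet (conntrack state NEW)
# of a TCP connection by its destination port.
mark_new_tcp() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$1" \
        -m conntrack --ctstate NEW -j MARK --set-mark "$2"
}

# Copy the packet mark into the conntrack entry so later packets inherit it.
save_marks() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --save-mark
}

# Rule order matters: restore, short-circuit marked packets, classify, save.
apply_policy() {
    policy_tables
    restore_marks
    mark_new_tcp 443 2     # HTTPS/SSL: always link 1 (assumed port choice)
    mark_new_tcp 1863 3    # MSN Messenger, TCP 1863: always link 2 (assumed)
    save_marks
}

case "${1:-}" in
    apply)   apply_policy ;;
    dry-run) DRY_RUN=1; apply_policy ;;
esac
```

Because the mark is restored before any classification, a connection that picked link 1 keeps using it even if a later packet would have matched a different rule or the multipath default route would have sent it elsewhere; only connections that match no port rule stay unmarked and fall through to the weighted `nexthop` default route from the original script. Run with `apply` only after checking the dry-run output against your interface names.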